package org.wso2.carbon.apimgt.integration.client;

import feign.Feign;
import feign.Logger;
import feign.RequestInterceptor;
import feign.RequestTemplate;
import feign.auth.BasicAuthRequestInterceptor;
import feign.gson.GsonDecoder;
import feign.gson.GsonEncoder;
import feign.jaxrs.JAXRSContract;
import feign.slf4j.Slf4jLogger;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.ws.rs.core.HttpHeaders;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.integration.client.configs.APIMConfigReader;
import org.wso2.carbon.apimgt.integration.client.exception.APIMClientOAuthException;
import org.wso2.carbon.apimgt.integration.client.internal.APIIntegrationClientDataHolder;
import org.wso2.carbon.apimgt.integration.client.model.ClientProfile;
import org.wso2.carbon.apimgt.integration.client.model.DCRClient;
import org.wso2.carbon.apimgt.integration.client.model.OAuthApplication;
import org.wso2.carbon.apimgt.integration.client.util.Utils;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.jwt.client.extension.dto.AccessTokenInfo;
import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException;

/* loaded from: input_file:org/wso2/carbon/apimgt/integration/client/OAuthRequestInterceptor.class */
public class OAuthRequestInterceptor implements RequestInterceptor {
    private static final String APPLICATION_NAME = "api_integration_client";
    private static final String GRANT_TYPES = "password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer";
    private static final String REQUIRED_SCOPE = "apim:api_create apim:api_view apim:api_publish apim:subscribe apim:tier_view apim:tier_manage apim:subscription_view apim:subscription_block";
    private static final String APIM_SUBSCRIBE_SCOPE = "apim:subscribe";
    private static final long DEFAULT_REFRESH_TIME_OFFSET_IN_MILLIS = 100000;
    private DCRClient dcrClient = (DCRClient) Feign.builder().client(Utils.getSSLClient()).logger(new Slf4jLogger()).logLevel(Logger.Level.FULL).requestInterceptor(new BasicAuthRequestInterceptor(APIMConfigReader.getInstance().getConfig().getUsername(), APIMConfigReader.getInstance().getConfig().getPassword())).contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()).target(DCRClient.class, Utils.replaceProperties(APIMConfigReader.getInstance().getConfig().getDcrEndpoint()));
    private static OAuthApplication oAuthApplication;
    private static Map<String, AccessTokenInfo> tenantUserTokenMap = new ConcurrentHashMap();
    private static final Log log = LogFactory.getLog(OAuthRequestInterceptor.class);

    public void apply(RequestTemplate requestTemplate) {
        if (oAuthApplication == null) {
            ClientProfile clientProfile = new ClientProfile();
            clientProfile.setClientName(APPLICATION_NAME);
            clientProfile.setCallbackUrl("");
            clientProfile.setGrantType(GRANT_TYPES);
            clientProfile.setOwner(APIMConfigReader.getInstance().getConfig().getUsername());
            clientProfile.setSaasApp(true);
            oAuthApplication = this.dcrClient.register(clientProfile);
        }
        try {
            String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
            String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
            if (!tenantDomain.equals("carbon.super")) {
                username = username + "@" + tenantDomain;
            }
            AccessTokenInfo accessTokenInfo = tenantUserTokenMap.get(username);
            if (accessTokenInfo == null || System.currentTimeMillis() + DEFAULT_REFRESH_TIME_OFFSET_IN_MILLIS > accessTokenInfo.getExpiresIn()) {
                accessTokenInfo = APIIntegrationClientDataHolder.getInstance().getJwtClientManagerService().getJWTClient().getAccessToken(oAuthApplication.getClientId(), oAuthApplication.getClientSecret(), username, REQUIRED_SCOPE);
                accessTokenInfo.setExpiresIn(System.currentTimeMillis() + (accessTokenInfo.getExpiresIn() * 1000));
                if (accessTokenInfo.getScopes() == null) {
                    throw new APIMClientOAuthException("Failed to retrieve scopes from access token");
                }
                if (accessTokenInfo.getScopes().contains(APIM_SUBSCRIBE_SCOPE)) {
                    tenantUserTokenMap.put(username, accessTokenInfo);
                }
            }
            if (accessTokenInfo.getAccessToken() != null) {
                requestTemplate.header(HttpHeaders.AUTHORIZATION, new String[]{"Bearer " + accessTokenInfo.getAccessToken()});
            }
        } catch (JWTClientException e) {
            throw new APIMClientOAuthException("failed to retrieve oauth token using jwt", e);
        }
    }

    public void removeToken(String str, String str2) {
        if (!str2.equals("carbon.super")) {
            str = str + "@" + str2;
        }
        tenantUserTokenMap.remove(str);
    }
}
